Security Breaches & Security News

To follow Security Breaches and Security News throughout the day, follow me on Twitter

Council data breaches increase by ‘alarming’ 1,600 per cent

BMO Harris warns customers after laptop stolen

Bank vs. Customer Claims Rejected

Cyber-espionage Mahdi virus spreads further in Middle East

Hacker collective leaks one million records, vows ‘hellfire’

Frankenstein malware: a monster stitched together from trusted code

Virus on virus – set a thief to catch a thief

Oracle Releases Fix For Java CVE-2012-4681 Flaw

Latest SAP Security News

How Do You Change an Unhealthy Compliance Culture?

Link spotted between Wiper virus and Stuxnet, Duqu

Kaspersky looks at the wreckage of Wiper malware

More password problems from Windows Registry

Survey Tracks Security’s ‘Bad Mood’ Trend, Need for Improvement

Researchers Identify Second New Java Bug

Second LulzSec Member Arrested for Sony Pictures Attack

Analysis Shows Traces of Wiper Malware, But No Links to Flame

REALLY – Most firms do not protect sensitive data in databases, survey finds

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

  • Twitter (Follow me for latest Jobs, Breaches, and News)
  • LinkedIn (I accept all security professional’s Invites)

Breaches & Security News

Follow me on Twitter @Security_REC for news, jobs and…


Latest Infosec News

Follow my Twitter feeds for daily breach and security news.

Researchers uncover causes of MilitarySingles.com hack

NASA denies Iranian cyberattack

Absinthe 2.0 Jailbreak for iOS 5.1.1 Devices Released

New York Lawmakers Want Anonymous Comments Banned

FBI Warns Top Firms Of Anonymous Protest Hacks on May 25

The Virtual Sky is Falling!

Internet Fraudster Back in US After Being Fugitive for 12 Years

Join the Fight Against Cyber Spying Proposals in the Senate   

UK’s new cookie law came into effect Sunday

Yahoo and TalkTalk confirm human error as weakest security link

Flame proves cyberwarfare is active

Why Boards of Directors Don’t Get It

Mass. Hospital Pays Breach Settlement

Insider Case Exposes Security Lapses

Fighting Hackers With Public Relations

Olympic-themed spam emails carries malicious PDF  


Security Breaches, Security News & More (week ending 2-17-12)

Follow my Twitter feeds for daily breach and security news.


Breaches & Information Security News

Follow my Twitter feeds for daily breach and security news.

 

Ernst & Young loses 401k information of bank employees

Food and beverage industry has unsavory history of data breaches

Disaster Recovery is health industry’s biggest headache

2011 review: CNI targetted, spam down, botnets up

Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit

Role of Ethics in IT Security

Data Loss Doesn’t Always Mean Getting Hacked

Hackers Infect WordPress Web Sites

VeriSign Hacked – But Why?

Number of patient record data breaches nearly doubled last year

Why Infosec Forced Me to Get an MBA

The Most Technologically Secure Super Bowl Ever

Acts of Terrorism vs. Cyber Threats: New Offense Scenarios

How to Win Friends and Steal Their Facebook Accounts

How To Spot A Fake Facebook Friend Profile

New Guidance on Payments Processing

Healthcare Breaches: Behind the Numbers

Verisign Breached Several Times in 2010


Breaches From Across the Net Week ending 1-13-12

Follow my Twitter feeds for daily breach and security news.


Breaches and Security Articles from Around the Web

Breaches and Security News from around the web as posted through my Twitter Account.

Follow me on Twitter

 

Application Security Guide For CISOs

GSA Final Rule Requires Vendor Proof of Security

More than 51,000 security pros employed in Q4, up from 37,000 employed in Q1, study says

FBI Warns: Game Over

Cisero’s sues processor and bank over pass-along fines following alleged breach

Ramnit Worm Threatens Online Accounts

Cyber Attacks May Be Revealed to Investors as SEC Rules Push Disclosures

Researcher Releases New Version of P0f Fingerprinting Tool

Gamers Seek Beta Versions, Download Malware Instead

US and China headed for CyberWar in 2012

Breaches & Security News From Around the Web 12-06-11

Breaches and Security News from around the web as posted through my Twitter Account.

Follow me on Twitter

 

Ex-Army researcher links Conficker to Stuxnet

Russian media, election watchdog silenced through cyberattacks

Small firms have fewer resources to deal with more cyberthreats, House panel told

MIT researchers: US needs single agency to protect electric grid from cyberattacks

Getting Past Security’s Fuzzy Math ROI

Is the Security Response System for SCADA-ICS Broken?

Holiday Shopping At Work Raises Risks

Raytheon Acquires Cybersecurity Firm Pikewerks

Executives Lack Confidence in Infosec Strategies

Controls Have to be Executed Perfectly Every Day

Carrier IQ Controversy Spawns Lawsuits

FBI Warns of New Fraud Scam

Congress Probes TRICARE Breach

Organizing a Breach Notification Team

 


Breaches & Security Articles From Around The Web 12-2-11

If you missed my Twitter (Security_REC) posts on Security News and breaches this week, here’s a recap:

AT&T and Sprint acknowledge use of Carrier IQ

Norwich Airport database breached

FBI Warns of Coordinated Malware and DDoS Attacks Designed to Drain Bank Accounts

Twitter snaps up Marlinspike’s mobile encryption startup

Carrier IQ Rootkit Logs Everything on Millions of Phones

Health Care Data Breaches Increase by 32 Percent: Ponemon Report

Hackers accessed city infrastructure via SCADA – FBI

Data breaches in healthcare organizations are rising more than 30 percent year 

Survey – More patient data breaches, less security, and more headaches for patients

Breach Response: Reputational Risk

RIM PlayBook Jailbroken, Researchers Claim

Two Million Requests from Infected Systems In Week After Ghost Click Takedown

One-quarter of firms hit by cybercrime, survey finds

Adobe issues security warning for Adobe Flex SDK

Carrier IQ smartphone software logs your every move, says researcher

Is PCI Effectively Preventing Fraud?

Fraud Scheme Hits Grocer

Duqu hackers scrub evidence from command servers, shut down spying op

Criminals sabotaging Cyber Monday, security experts warn

Security Breaches – A Short List

Security Breaches

Here is a basic sampling of Security Breaches that have been gathered from across the Internet. Who’s really winning this cyber war?

Hackers bait Zeus botnet trap with dead celeb tales

UPDATE: Idaho Power says Mercer breach affected over 375,000

UK insurer hit with biggest ever data loss fine

Judge approves Countrywide Financial ID theft settlement

Laptop stolen from U Kentucky had info on newborns and mothers

UConn notifies 10,174 applicants of laptop theft

Bank of America settles Countrywide data theft suits

College students slowest to respond to ID theft

Look for a weekly list from this point forward.

Wils Bell
President
SecurityHeadHunter.com, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404

Top 10 Cyber Crime Jobs

The Cyber Crime Organization

This morning, while reading my daily dose of security breaches to post to my Twitter account, I came across a great article from an FBI study that discusses the makeup of a Cyber Crime organization: the Top 10 positions, if you will.

It really made me think back to the days when hackers were young kids, bored, sitting at a computer and seeing what mischief they could cause. Oh, how things have changed.

As I talk to clients daily and discuss the issues of Cyber security, I wonder how many firms really think of hackers as being part of a “Cyber Crime Organization”. Clients have internal IT and Security departments with a variety of talent: some create applications, and others protect the applications, data, networks and so forth. Well, so do Cyber Criminals.

As I tell my clients, Cyber Criminals are very smart and sophisticated. You need to be smarter and more sophisticated. These criminal enterprises are run like a business. They are staffed with top talent dedicated to the job; yes, their criminal job! With these enterprises set up and running, they can and do strike within hours of an opportunity presenting itself.

Here is a look at the “Top 10” positions within a Cyber Criminal Organization, according to the FBI.

1. Coders/programmers, who write the exploits and malware used by the criminal enterprise.

2. Distributors, who trade and sell stolen data and act as vouchers for the goods provided by other specialists.

3. Tech experts, who maintain the criminal enterprise’s IT infrastructure, including servers, encryption technologies, databases, and the like.

4. Hackers, who search for and exploit applications, systems and network vulnerabilities.

5. Fraudsters, who create and deploy various social engineering schemes, such as phishing and spam.

6. Hosted systems providers, who offer safe hosting of illicit content servers and sites.

7. Cashiers, who control drop accounts and provide names and accounts to other criminals for a fee.

8. Money mules, who complete wire transfers between bank accounts. The money mules may use student and work visas to travel to the U.S. to open bank accounts.

9. Tellers, who are charged with transferring and laundering illicitly gained proceeds through digital currency services and different world currencies.

10. Organization Leaders, often “people persons” without technical skills. The leaders assemble the team and choose the targets.

As I said earlier, this is no longer a bored teenager looking for mischief.


Most Organizations Now Suffer Cyber Attacks


A recently released study by Symantec states that most organizations now suffer Cyber attacks!

The study revealed that 75% of organizations experienced cyber attacks and 42% of organizations rate security as their top issue. They rate it higher than natural disasters, terrorism, and traditional crime combined.

Cyber attacks, which are often very effective, cost enterprise businesses an average of $2 million per year, according to the report. The study was based on 2,100 CIOs, CISOs and IT managers in 27 countries and was done in January 2010.

The study also indicated that all organizations, small to large, are concerned. This is a change from the past.

I hope this last statement is accurate, since so many small to mid-size firms I deal with many times don’t seem to realize they are at risk. They have the “it always seems to happen to the other guy” mentality.

Wils Bell
Information Security Recruiter
SecurityHeadhunter.com, Inc.
POB 620298
Oviedo, FL 32762
Desk: 407-365-2404
Cell: 407-718-7764
Twitter: security_REC

Millions of MA Residents Exposed to Cyber Breaches

Today’s Cyber Breach

From the Boston Globe:

http://www.boston.com/news/local/massachusetts/articles/2010/01/03/data_breaches_affect_million_state_residents/?rss_id=Boston.com+–+Massachusetts+news


Personal Finance Predictions for 2010: ID Theft

Information Security Breach

http://www.foxbusiness.com/story/personal-finance/personal-finance-predictions–id-theft/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+foxbusiness/latest+(Text+-+Latest+News)


Penn State notifies 30,000 of computer security breach

Cyber Security Breach

http://www.post-gazette.com/pg/09364/1024438-454.stm?cmpid=news.xml


La. Firm Sues Capital One

Security Recruiter – Daily Security Breach Notification.

Today’s post from the Washington Post: http://voices.washingtonpost.com/securityfix/2009/12/jmtest.html?wprss=securityfix

La. firm sues Capital One after losing thousands in online bank fraud

By Brian Krebs  |  December 7, 2009; 4:15 PM ET
Categories: Small Business Victims | Tags: ach fraud, jm test

An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.

In August, Security Fix wrote about the plight of Baton Rouge-based JM Test Systems, an electronics testing firm that in February lost more than $97,000 from two separate unauthorized bank transfers a week apart.

According to JM Test, Capital One has denied any responsibility for the losses. On Friday, JM Test filed suit in a Louisiana district court, alleging breach of contract and negligence by the bank. The firm says it is still out a total of $89,000, and that it has spent roughly $70,000 investigating and responding to the breaches.

“Capital One was not willing to make good on our losses or attempt any type of settlement,” said Happy McKnight, JM Test’s controller. “The banks are clearly taking a ‘Hey, don’t look at me!’ stance. It is so sad to wonder how many business failures this type of fraud has caused.”

Capital One declined to comment for this story.

The lawsuit is the latest to challenge whether banks are doing enough to help customers prevent losses when a virus infection, phishing attack or hacker break-in jeopardizes a company’s online banking credentials, said David Johnson, a digital media lawyer with the Los Angeles law firm Jeffer Mangels Butler & Marmaro LLP.

Johnson said that under the Uniform Commercial Code, banks generally are required to maintain “commercially reasonable” methods of providing security against unauthorized payment orders. But he said just what constitutes “commercially reasonable” security practices has only recently been challenged, citing a recent court case in Illinois expected to go to trial soon in which a couple is suing their bank over $26,500 lost when cyber thieves stole the user name and password needed to access their home equity line of credit.

“The banks try to limit their responsibility by saying that customers have to monitor their accounts and notify the bank immediately if there is some kind of suspicious transfer,” Johnson said. “And it’s very rare that businesses are going to be that diligent in reviewing their online accounts.”

For its part, JM Test maintains that it alerted Capital One to the fraud on the same day as the fraudulent activity, and that the bank still failed to stop the fraud. The plaintiffs charge that Capital One violated its own online banking terms and conditions, which it said provide that once a Capital One customer calls to report fraudulent activity, Capital One will close the affected customer’s existing account to prevent further unauthorized charges.

According to court documents, on Feb. 20, 2009 JM Test discovered that an unauthorized $45,640 wire transfer had been made against its account to an account at Alpha-Bank in Moscow. JM Test claims that it alerted Capital One by telephone of the fraudulent wire transfer that same day, and that the bank said it would investigate.

JM Test alleges that five days later, Capital One issued it a new user name and password. But then on March 2, the company found that thieves had broken into its online bank account yet again, this time initiating a batch of unauthorized payroll payments totaling $51,556.44. The money was sent to at least five different money mules, individuals who the attackers had apparently hired via online job Web sites to receive the transfers and then wire them out of the country.

The lawsuit further states that neither of the fraudulent transfers was initiated from an Internet address that JM Test had used previously to conduct online banking. In addition, court documents state that Capital One advised JM Test on March 3 that it had blocked JM Test’s account, and that March 4 was the first day that it was contacted by a fraud investigator for the bank.

Businesses do not have the same legal protections against online banking fraud that consumers enjoy. Consumers generally have 60 days from receiving a bank statement to dispute any fraudulent charges, and typically those charges will be reversed. But organizations that experience fraud with their online banking accounts usually lose any money from unauthorized transactions that aren’t immediately reported to the bank, and even then there is no guarantee that all or any of the fraudulent transfers will be reversed or halted.

Cases such as JM Test’s may become more common. Many of the more than six dozen companies that I have interviewed over the past six months, and who have been victims of similar fraud, said they are weighing whether to sue their banks. In September, Security Fix publicized the case of Patco Construction, a firm in Maine that sued its bank after thieves stole the company’s online banking credentials and used them to transfer at least $588,000 to dozens of money mules throughout the United States.

“The banks cannot let this situation go on or people will start to lose confidence in them,” Johnson said. “If people start thinking they can lose real money when they deposit their money into the bank…that becomes a real business issue. If they’re going to survive, the banks are going to have to crack down on this type of fraud and stop it, and I think they know this.”

A copy of the petition filed with the Louisiana court is available here.

I should note that I finally got around to creating a separate category, Small Business Victims, that tracks this series of stories I’ve been writing about small businesses hit by cyber fraud. This piece marks the 25th story in that series.


Security Breach Compromises Information

Security Recruiter – Daily Security Breach Report from the Web

Security breach compromises information on 1,400 District 86 grads

December 4, 2009
By SANDY ILLIAN BOSCH sbosch@pioneerlocal.com

A security breach discovered last month at the University of Nebraska involved the names, addresses and Social Security numbers of 1,400 Hinsdale High School District 86 graduates.

The breach involved a computer in the College of Education and Human Sciences at the Lincoln campus. The university’s investigation revealed the computer had not been adequately secured, allowing unauthorized external access to the computer and its information.

Associate Dean Deb Mullen said the information about students who graduated between 2002 and 2005 was used in a study intended to analyze the practices of school districts and what could be done to improve test performance.

“The district was doing it for school improvement,” Mullen said.

The information was provided to the university by the ACT organization, with permission from District 86, according to Mullen. She said it is not uncommon for researchers to obtain student information from school districts. The difference, she said, is that these days the students are identified by randomly assigned student identification numbers.

“Back in those days Social Security numbers were used as ID numbers,” she said.

Letters were sent to all 4,000 students whose information was made accessible through the security breach. Although no one has reported the misuse of information involved in the security breach, Mullen said she has fielded many calls from former students who did not understand how the University of Nebraska had their information. She said many people involved also have accepted the university’s offer to pay for a year of LifeLock identity protection.

Also included among the 4,000 names involved in the security breach were students from Glenbard District 87 and students from schools in South Sioux City, Neb. Mullen said all of the information has been purged from the university’s records.

Representatives from District 86 could not immediately be reached for comment Friday.

Source: http://www.pioneerlocal.com/clarendonhills/news/1921349,hi-d86security-120409-s1.article

Presented by:

Wils Bell – Security Recruiter

SecurityHeadhunter.com

407-365-2404

Bell (at) SecurityHeadhunter.com

Web: SecurityHeadhunter.com

LinkedIn Profile: http://www.linkedin.com/in/wilsbell

“Why work with a generalized recruiter when you could work with a specialized Security Recruiter!!”